[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: "Debian hardened" ;-)

Albretch Mueller wrote:
>  I am not trying to bait anyone into an argument. It is just that
> IMHO, even though I see that gentoo has its appeal and value, using it
> for servers is not such as manageable as other distros.
> ~
>  However, I still like very much the gentoo hardened project.
> ~
> // __ http://www.gentoo.org/proj/en/hardened/
> ~
> // __ http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml
> ~
>  Do you know of Debian based attempts to security including all these
> sec features gentoo Linux does?
> ~
>  http://sourceforge.net/projects/debianhardened
> ~
>  Doesn't seem to be active for almost more than 3 years already
> ~
>  I am concretely trying to device something like a Debian baseline
> with a gentoo hardened-like security infrastructure
> ~
>  There exist tutorials on how to setup SELinux on Debian
> ~
>  http://wiki.debian.org/SELinux/Setup
> ~
>  I am trying to also setup on top of  it stuff like PaX/Grsecurity,
> RSBAC ... a la gentoo hardened
> ~
>  Any ideas you would like to share?

Work is under way. See http://wiki.debian.org/Hardening for a brief outline.
A prototype wrapper has been hacked together and Lucas Nussbaum did a full
archive rebuild for i386 with most of the hardening options enabled. This
needs a little bit more work, but after that it should be ready to be announced
to the developers at a larger scale.


Reply to: